1. Field of the Invention
The present invention relates to communication control systems that enable a personal computer that is usually connected to a local area network (LAN) when in use to be connected temporarily to the same LAN from a different location and via a different communication device, while ensuring security without time and effort spent on configuration, and to network management systems using such communication control systems.
2. Description of the Related Art
In recent years, software generally called groupware has been widely used in companies and the like. The use of groupware permits effective management of group members' schedules or reservation of shared facilities such as a meeting room.
JP H09-128446A discloses a system that also enables the equipment to be used to be reserved at the time of reserving a meeting room or the like. In this system, a reservation terminal registers a use schedule of a meeting room in a main management apparatus. The use schedule is registered as a set of at least a room name, a reservation time and equipment to be used. In each meeting room, a control apparatus is provided to perform centralized control of the environment control equipment and audio-visual equipment provided in the meeting room. Room environmental control equipment (such as an air conditioner and an illumination device) is then operated so that the environment of the meeting room is adequate for use at the reservation time, and devices associated with the equipment to be used are operated in a series of procedures so that the equipment set in the use schedule can be used at the reservation time.
In addition, it has recently become common to use personal computers and projectors to make presentations at conferences or business negotiations. When someone makes a presentation at the company where he or she works, the presentation and its preparation are often more efficient if the presenter can bring into the meeting room the portable (notebook) personal computer that he or she usually uses and can access the company server via an in-house LAN. Therefore, a LAN cable for accessing the in-house LAN may also be laid in the meeting room, and a unique IP (Internet Protocol) address and the like may be provided for the meeting room. Furthermore, wireless LANs have come into widespread use in recent years, and it has become possible to set up a wireless LAN access point in the meeting room or its vicinity and to access the company server via this access point.
However, since people who are not with the company may enter the meeting room for meetings or negotiations, security considerations are required for connections to the in-house LAN from the meeting room in order to prevent unauthorized access or eavesdropping. In particular, special considerations are required in the case of using a wireless LAN because of its lower security as compared with a wired LAN.
Therefore, in the case of a wired LAN, the address management of the meeting room generally has been performed by one of the following three methods: (1) Only the users of the meeting room are notified of a unique address configured for the meeting room, and the system manager changes the unique address of the meeting room each time the meeting room is used or at an appropriate frequency; (2) A personal computer is provided with an IP address corresponding to a MAC (Media Access Control) address at the time of connection by using a DHCP (Dynamic Host Configuration Protocol) server or the like; and (3) A personal computer that is usually used at the office is also used in the meeting room and the like by using a dynamic V-LAN. However, in the case of method (1), the configuration change needs to be performed manually, placing a heavy burden on the user during the configuration change or on the system manager. In the case of method (2), it is necessary to provide a DHCP server, resulting in many operation man-hours for tasks such as the MAC address management for terminal clients. In addition, unauthorized access becomes possible if the MAC address is forged. Furthermore, in the case of method (3), the configuration change for the personal computer and the like does not need to be performed, but special network equipment or an authentication server is required, leading to a cost increase.
In the case of a wireless LAN, there is the possibility that the encryption key may be recovered if a WEP (Wired Equivalent Privacy) key is fixed, so that it is necessary to change the WEP key at an appropriate frequency. According to the literature, when a large volume of data is sent and received using a 128-bit WEP key under the 802.11b standard, the WEP key can be determined from about 8 hours of collected data. Furthermore, the time required for determining a WEP key has become even shorter, owing to a recent increase in the speed of wireless LANs.
In response to this, WPA (Wi-Fi Protected Access) recently has been standardized as a result of improvements in the security of wireless LANs. This system is less vulnerable to eavesdropping and unauthorized access, which are weaknesses of WEP. In particular, in terms of protection against eavesdropping, data cannot be decrypted easily by accumulating data. Therefore, the system is relatively safe even when the same shared key is used for a long period of time. If the key is constantly fixed, however, there is a danger if the shared key is disclosed, so that it is preferable to change the key periodically. However, it is burdensome for the system manager to perform this operation manually. In addition, although a system for changing a WEP key dynamically by performing authentication with an ID and a password against a RADIUS (Remote Authentication Dial-In User Service) server also has become available recently, this has the problem of requiring many man-hours to operate the server.